Google Chrome gets last-minute bandaid before Pwn2Own

Google isn't taking any chances with this year's CanSecWest Pwn2Own hacker challenge.

Just days before the annual contest where hackers are invited to break into the three main web browsers, Google pushed out another Chrome patch to fix a whopping 24 security holes. The majority of these vulnerabilities are rated "high risk" and could lead to remote code execution attacks.

As part of its bug-bounty program, Google paid out more than $16,000 to researchers who reported these Chrome vulnerabilities.

This is the second major security update from Google Chrome in the past few days. Last week, Google released Chrome 9.0.597.107 (all platforms) to cover a total of 18 security holes, most rated “high-risk.” Last week's update included a $14,000 cash payout.

This year's Pwn2Own contest will have a special emphasis on Google Chrome after Google announced it would put up a $20,000 cash prize for any hacker who can successfully compromise a Windows 7 machine via a vulnerability — and sandbox escape — in Chrome.

So far, two hacking teams have announced an interest in attacking the Chrome sandbox.

Here are the raw details on the latest patch (Google Chrome 10.0.648.127) from Google's Jason Kersey:

[42574] [42765] Low Possible to navigate or close the top location in a sandboxed frame. Credit to sirdarckcat of the Google Security Team.

[Linux only] [49747] Low Work around an X server bug and crash with long messages. Credit to Louis Lang.